Why not implement a small, stand-alone communication server front-end, based on a derivative of the OCS Communication Server, that can accept the inventory from the agent, and write it directly into the GLPI database? This way, you could have a host in the DMZ running the Communication Server, and have firewall rules only allowing traffic to port 443, and on the back-end, firewall rules only allowing MySQL DB connections in to the GLPI DB server?
The FusionInventory systems offers a lot of potential advantages, but due to these security concerns, I'm leaning toward sticking with OCS and a DMZ-based Communication Server. Thanks! ________________________________________ From: fusioninventory-user-bounces+bhuntsman=mail2.cu-portland....@lists.alioth.debian.org [fusioninventory-user-bounces+bhuntsman=mail2.cu-portland....@lists.alioth.debian.org] on behalf of Gonéri Le Bouder [[email protected]] Sent: Wednesday, October 31, 2012 3:45 AM To: [email protected] Subject: Re: [Fusioninventory-user] DMZ deployment options On Wed, Oct 31, 2012 at 08:53:14AM +0100, Guillaume Rousse wrote: > Le 30/10/2012 20:55, Benjamin Huntsman a écrit : > > So, is anything like that available, possible, or in the works? > DMZ doesn't have any formal definition. What's your exact constraints, in > term of network connections ? Hi Benjamin and all, I used a little script to collect inventory and store them in a directory. After that, you can move these inventory files on another machine outside of the DMZ and push them in the server with fusioninventory-injectory. I'd just created a page on the documentation regarding that: http://www.fusioninventory.org/documentation/fi4g/dmz/ I think I will import collect.php in the agent source tree. For example in the tools directory. Best regards, -- Gonéri _______________________________________________ Fusioninventory-user mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/fusioninventory-user
